Experian announced the integration of Mastercard’s identity verification and fraud prevention technology into the Experian Ascend Platform. This collaboration will enable seamless, secure, and efficient identity verification for global clients, helping to prevent fraud and cybercrime. A key feature in Experian’s Identity and Fraud solutions, identity verification, plays a vital role in the fight to prevent fraud and cybercrime. Mastercard’s Identity Insights enriches Experian’s data by verifying and connecting identity elements, aiming to validate individuals’ authenticity. When combined with Experian’s advanced fraud-detection capabilities, the integration offers robust protection against synthetic identity and application fraud, enhancing detection while reducing friction for legitimate customers. The joint solution delivers powerful identity assessment by uniting the Experian Ascend Platform—a decision engine built on Experian’s comprehensive data, strategy design, decision automation, monitoring and reporting—with Mastercard’s Identity Insights for validating identity elements such as name, email, and phone numbers, and analyzing related metadata. Greg Wright, Executive Vice President of Identity and Fraud, Experian Software Solutions said, “By enabling clients with advanced analytics solutions that bring credit, identity, and fraud data into the Ascend Platform, we help them achieve their strategic goals while also driving greater financial inclusion for consumers.”
New order on third party TINs from FinCEN is a good step in the process of Bank Secrecy Act (BSA) modernization providing banks more flexibility to operate in a manner that suits their business model
New exemption orders from agencies including FinCEN, OCC and FDIC now permit banks to collect tax identification number (TIN) information from third parties rather than solely from the financial institution’s customer. That rule requires written procedures that allow a bank to obtain TIN information prior to opening an account and “are based on the bank’s assessment of the relevant risks.” The agencies stressed that the exemption is optimal, as banks are not required to use third-party providers. “The Order will benefit both consumers and the banking industry by promoting innovation and financial inclusion and providing banks more flexibility to operate in a manner that suits their business model,” OCC acting head Rodney Hood said. The agencies said that the new order supports the greater use of online and mobile channels to use online verification services to ensure compliance with KYC rules. In the order itself, the agencies stated that “reliable alternatives exist for verification today that did not exist or were not as prevalent twenty years ago” when customer identification processes were codified, adding that “there could be circumstances in which such processes produce an equivalent or more reliable outcome when banks are permitted the flexibility to change their method of TIN collection based on the bank’s assessment of the relevant risks. The combination of the increase in vulnerability of TINs to identity theft and the availability of reliable alternative options for verification lessens the importance of the specific method of TIN collection for identity verification.” The order added that “while FinCEN and the Agencies are not prescribing specific alternative processes for banks, such processes should take into consideration the purpose of the CIP Rule—to ensure a bank is able to form a reasonable belief that it knows the true identity of each customer—and the bank’s assessment of the relevant risks, including those presented by the various types of accounts maintained by the bank, the various methods of opening accounts provided by the bank, the various types of identifying information available, and the bank’s size, location, product and service offerings, and customer base.”
Meta detects underage Instagram users with AI tools that analyze contextual clues, such as birthday wishes or tip-offs from other users
Meta is using artificial intelligence tools to identify underage Instagram users who may have lied about their age to bypass platform safeguards. The company has announced that suspected underage users will be automatically placed into restricted “Teen Accounts” even if their account lists them as adults. Teen Accounts offer a controlled experience tailored for users under 16, limiting who can interact with them and restricting certain types of content. Meta claims the shift is designed to protect younger users and promote safe online behavior. Techniques include analyzing contextual clues, such as birthday wishes or tip-offs from other users, and comparing them with the stated age. Users will have the option to contest the AI’s decision and adjust their settings if misclassified. Meta will begin notifying parents directly, offering guidance on how to talk to teens about providing accurate age information online and encouraging them to verify their child’s listed birthday on Instagram.
No-code IAM platform offers developers a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissionsNo-code IAM platform offers developers a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissions
Descope, the drag & drop external IAM platform, launched the Agentic Identity Hub, an industry-first platform that helps organizations solve authentication and authorization challenges for AI agents, systems, and workflows. The Descope no / low code external IAM platform helps organizations easily create, modify, and manage journeys for their consumers, business customers, partners, and APIs / AI agents using visual workflows. Capabilities announced include: 1) Inbound Apps, which provide every application an easy way to become its own identity provider using the OAuth standard. This allows AI agents to securely authenticate, access authorized user data, and take scoped actions on behalf of users with their explicit consent. 2) Outbound Apps, which provide every AI agent builder a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissions. Developers can choose from over 50 out-of-the-box tool integration templates including Gmail, HubSpot, GitHub, Snowflake, Slack, Notion, and Shopify. 3) MCP Auth SDKs and APIs that help developers building and managing remote MCP servers secure their systems with robust authorization controls as well as extend the MCP servers’ functionality by connecting them with multiple OAuth-based services.
BlackCloak’s ID verification tech combats deepfake-powered phishing and other impersonation attacks targeted at high-profile executives by enabling users to verify the authenticity of suspicious communications
BlackCloak has launched an industry-first Identity Verification solution to combat deepfake-powered and other impersonation attacks, targeting high-profile executives and individuals. BlackCloak’s new Identity Verification offering is the first to address this rapidly emerging cybersecurity issue by enabling customers who receive a suspicious email to verify the sender’s identity and ensure the message is authentic. Integrated into its Digital Executive Protection platform, this feature enables users to verify the authenticity of suspicious communications, providing vital protection for executives, families, and businesses. BlackCloak’s new Identity Verification feature targets phishing campaigns, such as deepfakes, by allowing the user to prompt the sender to validate that they are who they claim to be through the BlackCloak mobile app. The new feature can combat the impact of deepfakes containing the following attributes: Synthetic Media, Facial Manipulation, Voice Cloning:, and Behavioral Mimicry.
Veza’s platform can automatically scan a company’s applications to determine which user has access to what resources and visualize this information in a graph to aid administrators spot misconfigured access permissions
Veza Inc., a startup that helps enterprises regulate employee access to business applications, has raised $108 million from investors to enhance its technology. It provides a platform that can automatically scan a company’s applications to determine which user has access to what resources. Veza visualizes this information in a graph that helps administrators spot misconfigured access permissions. Using Veza, administrators could find accounts that have permission to change database settings but don’t belong to cybersecurity staff. The platform includes a search bar that makes it possible to browse user accounts with natural language prompts. In a large organization, access permissions are regularly added and removed. Administrators can configure Veza to generate an alert if an account receives access to a system in breach of internal rules. The platform likewise spots accounts that have correct access permissions, but aren’t actively used and therefore represent an unnecessary cybersecurity risk. Companies create accounts for not only employees but also applications. A revenue forecasting tool, for example, might require an account in a sales database to access the transaction logs it holds. Administrators can use Veza to find such accounts in the corporate network and remove them when they’re no longer needed.
New open-source, interoperability protocol LOKA assigns agents a unique and verifiable identity enabling them to communicate with other agents and operate autonomously across different systems
A group of researchers from Carnegie Mellon University proposed a new interoperability protocol governing autonomous AI agents’ identity, accountability and ethics. Layered Orchestration for Knowledgeful Agents, or LOKA, could join other proposed standards like Google’s Agent2Agent (A2A) and Model Context Protocol (MCP) from Anthropic. The open-source LOKA, which would enable agents to prove their identity, “exchange semantically rich, ethically annotated messages,” add accountability, and establish ethical governance throughout the agent’s decision-making process. LOKA builds on what the researchers refer to as a Universal Agent Identity Layer, a framework that assigns agents a unique and verifiable identity. The researchers said LOKA stands out because it establishes crucial information for agents to communicate with other agents and operate autonomously across different systems. LOKA could be helpful for enterprises to ensure the safety of agents they deploy in the world and provide a traceable way to understand how the agent made decisions. A fear many enterprises have is that an agent will tap into another system or access private data and make a mistake. LOKA will have to compete with other agentic protocols and standards that are now emerging. Protocols like MCP and A2A have found a large audience, not just because of the technical solutions they provide, but because these projects are backed by organizations people know. Anthropic started MCP, while Google backs A2A, and both protocols have gathered many companies open to use — and improve — these standards.
Checkout.com’s IDV solution uses AI-based facial matching and liveness detection to verify users against their onboarding data and detect spoofing attempts like deepfakes or video injection at any point in UX journey
Checkout.com announced the launch of face authentication, an AI-powered extension to its Identity Verification (IDV) solution. The new feature enables businesses to securely verify and re-authenticate returning users in seconds using live video and facial matching, helping to remove friction from critical user flows such as password recovery, employee onboarding, and secure platform access. IDV now uses AI-based facial matching and liveness detection to verify users against their onboarding data, while detecting spoofing attempts like deepfakes, masks, or video injection. The feature can be triggered at any point in the user journey, and is fully automated, removing the need for passwords, one-time codes, or manual review. The product supports a broad set of industries, including but not limited to government, healthcare, financial services, e-signatures, food delivery, loyalty programs, and airlines. “Checkout.com’s biometric solution sets a new benchmark in identity verification, combining greater speed and security with a firm commitment to ethical standards,” comments Milan Jani, VP of Product at Checkout.com. “Built to meet FIDO Alliance certification requirements, the product is already achieving consistent algorithm performance, confidently offering businesses and users alike inclusive and secure experiences.” Face authentication, which is available through an all-in-one verification API, has already helped customers achieve up to an 8-point increase in returning-user conversion rates.
Socure launches advanced pre-fill solution achieving a 91% match rate—far surpassing the industry average of 66% achieved with device intelligence, ID Graph Intelligence, and multiple layers of authentication directly from the carriers
Socure, has launched Socure’s Advanced Pre-Fill, a groundbreaking solution that redefines the customer onboarding experience, leveraging RiskOS™. Socure’s Advanced Pre-Fill dramatically streamlines onboarding by pre-populating application forms with the highest-verified identity information available—delivering speed, security, and scalability like never before. Socure’s Advanced Pre-Fill eliminates that friction by requiring minimal input from users, all while achieving a 91% match rate—far surpassing the industry average of 66%. This performance leap translates into higher conversion rates, faster time to fund, and reduced customer drop-off. Unlike legacy systems that rely heavily on limiting phone or credit header data, Socure’s solution taps into a vast array of authoritative signals—phone and carrier data, device information, graph intelligence, multi-bureau, tax, public records and more—to construct a rich, multi-dimensional view of identity. Socure’s Advanced Pre-Fill is available via client-side and server-side SDKs and APIs, making it easy to integrate into any digital application experience. Socure’s Advanced Pre-Fill accelerates customer onboarding by implementing form fill automation with authenticated data. Device Intelligence, ID Graph Intelligence, and multiple layers of authentication directly from the carriers not only ensures the best possible population coverage and entity resolution, but additionally plays a role in enabling instant fraud decisions. Socure Advanced Pre-Fill delivers measurable business impact through: Enhanced User Experience, Operational Efficiency, Improved Security.
World partners with Tinder, Visa to bring its ID-verifying eyeball-scanning Orb devices to more places
World, the biometric ID company best known for its eyeball-scanning Orb devices, announced several partnerships aimed at driving sign-ups and demonstrating the applications of its tech. World is partnering with Match Group, the dating app conglomerate, to verify the identities of Tinder users in Japan using World’s identity verification system. Additionally, World has established separate collaborations with both the prediction market startup Kalshi and the decentralized lending platform Morpho; these partnerships enable customers to sign in to these services using their IDs already registered with World. And World plans to team up with Visa to launch The World Card, a card that lets users spend digital assets anywhere Visa is accepted. With these new partnerships, World is going after a broader audience — one that previously might not have considered having their eyeballs scanned to verify their “humanness.” The World Card is perhaps the most interesting of the new projects. Expected to become available in the U.S. later this year, it’ll connect to World’s World App and allow users to transact with cryptocurrencies. The card will automatically exchange crypto to fiat when needed, and potentially offer certain rewards for specific “AI subscriptions and services.” Also announced a collaboration with Stripe to allow users to pay with World on Stripe-enabled websites and apps.